If you’re just looking for a quick “one-liner” installation, check the top-level install guide.
If you need a customised installation, use this guide for step-by step instructions for installing BWC on a single
Ubuntu/Debian 64 bit system as per the Reference deployment.

The currently preferred and supported version of MongoDB is 3.2. This is the version
installed by the installer script. MongoDB 3.4 is supported in StackStorm v2.2.0 and above.
Older versions of StackStorm (prior to v1.6.0) only supported MongoDB 2.x.

To run local and remote shell actions, BWC uses a special system user (default stanley).
For remote Linux actions, SSH is used. It is advised to configure identity file based SSH access on all remote hosts. We also recommend configuring SSH access to localhost for running examples and testing.

Create BWC system user, enable passwordless sudo, and set up ssh access to “localhost” so that SSH-based action can be tried and tested locally. You will need elevated privileges to do this.

Configure SSH access and enable passwordless sudo on the remote hosts which BWC would control
over SSH. Use the public key generated in the previous step; follow instructions at Configure SSH.
To control Windows boxes, configure access for Windows runners.

Adjust configuration in /etc/st2/st2.conf if you are using a different user or path to the key:

The reference deployment uses File Based auth provider for simplicity. Refer to Authentication
to configure and use PAM or LDAP authentication backends.

Note

When using pam authentication backend you need to make sure that
the st2auth process runs as root system user otherwise the
authentication will fail. For security reasons st2auth process runs
under st2 user by default. If you want to use pam auth backend and
change it to run as root, you can do that by editing the service manager
file for the st2 auth service.

# Get an auth token and use in CLI or API
st2 auth st2admin
# A shortcut to authenticate and export the tokenexportST2_AUTH_TOKEN=$(st2 auth st2admin -p 'Ch@ngeMe' -t)# Check that it works
st2 action list

NGINX is used to serve WebUI static files, redirect HTTP to HTTPS,
provide SSL termination for HTTPS, and reverse-proxy st2auth and st2api API endpoints.
To set it up, install st2web and nginx, generate certificates or place your existing
certificates under /etc/ssl/st2, and configure nginx with BWC‘s supplied
site config file st2.conf.

BWC depends on Nginx version >=1.7.5; since Ubuntu 14 has an older version
in the package repositories at the time of writing, you will have to include
the official Nginx repository into the source list:

Review and edit the /opt/stackstorm/chatops/st2chatops.env configuration file to point it to
your BWC installation and Chat Service you are using. At a minimum, you should generate an
API key <authentication-apikeys> and set the ST2_API_KEY variable. By default st2api
and st2auth are expected to be on the same host. If that is not the case, please update the
ST2_API and ST2_AUTH_URL variables or just point to the correct host with ST2_HOSTNAME.

The example configuration uses Slack. To set this up, go to the Slack web admin interface, create
a Bot, and copy the authentication token into HUBOT_SLACK_TOKEN.

If you are using a different Chat Service, set corresponding environment variables under
Chat service adapter settings:
Slack,
HipChat,
Yammer,
Flowdock,
IRC ,
XMPP.

Start the service:

sudoservicest2chatopsstart

Reload st2 packs to make sure chatops.notify rule is registered:

sudost2ctlreload--register-all

That’s it! Go to your Chat room and begin ChatOpsing. Read more in the ChatOps section.

By default when dependent services such as MongoDB, RabbitMQ and PostgreSQL are installed, they
have authentication disabled or use a default static password. As such, after you install those
services you should configure them and enable authentication with strong randomly generated
passwords.

Configuring authorization and passwords for those services is out of the scope for this documentation.
For more information refer to the links below:

Configure services to only listen on localhost, and where needed, internal IP addresses. There
is usually no need for most services which are used by BWC (MongoDB, RabbitMQ, PostgreSQL) to
be available to the public and listen on an external (public) IP address.

Configure a firewall and set up a whitelist. You should set up a firewall and only allow services
and users which need access to the services to be able to access them. API and auth service
usually need to be accessible to your users, but other dependent services such as MongoDB,
RabbitMQ and PostgreSQL aren’t. These should not be directly accessible by users, and only
StackStorm components should be allowed to talk to them.

Where possible and available, you should also utilize additional network-based isolation and
security features such as DMZs.

The steps mentioned above are especially important for distributed production deployments where BWC
components are running on multiple servers.

Brocade Workflow Composer is deployed as an addition on top of StackStorm. You will need an active
Brocade Workflow Composer subscription, and a license key to access Brocade Workflow Composer repositories.
To add your license key, replace ${BWC_LICENSE_KEY} in the command below with the key you received when
registering or purchasing.